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-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address « 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
• Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 

earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)[3 Responsive to communication(s) filed on 31 May 2005 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) S Claim(s) 1.4.6-8. 12. 13. 16,17.20.31 and 34-38 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1. 4.6-8.12-13.16-17.20.31. 34-38 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) ^3 The drawing(s) filed on 30 December 1999 is/are: a)n accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C, § 119(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application). 

a) D The translation of the foreign language provisional application has been received. 

1 5) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 1 20 and/or 1 21 . 

Attachment(s) 

1) □ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) Paper No(s). . 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) Q Notice of Informal Patent Application (PTO-152) 

3) O Information Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) O Other: 
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DETAILED ACTION 
Response to Amendment 

1. Applicant's amendment filed 31 May 2005 amends claims 1, 4, 6-8, 12, 13, 16, 17, 20, 
31, 34-37, and adds claim 38. Applicant's amendment has been fully considered and is entered. 

Response to Arguments 

2. Applicant's arguments filed 3 1 May 2005 have been fully considered but they are not 
persuasive. Applicant's argument that the prior art does not disclose that the challenge response 
includes a session identifier and a first hash number that is a function of at least one of the 
challenge string, the session identification, a sequence number, and a password is not persuasive 
because one cannot show nonobviousness by attacking references individually where the 
rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 
871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

3. Dustan does not disclose the challenge response containing a hash. Kaufman discloses a 
cryptographic authentication method wherein a server stores a hashed user password in its 
database. When a user wants to authenticate with the server, the server sends the user a nonce, 
which meets the limitation of a challenge string, the user then computes a hash of the nonce and 
the user password and transmits the hash to the server for authentication (Col. 3, lines 1-35). 

4. Similarly, Applicant's argument that the prior art does not disclose receiving at the 
service processor a direct platform control message from the client application, the message 
including a second hash number to verify the integrity of the DPC message is not persuasive 
because Kaufman further discloses that a hash of the message is included in the message along 
with the hash of the user password (Col. 9, lines 46-64). 
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Claim Rejections - 35 USC §103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

7. Claims 1, 4, 6-8, 12, 13, 16, 17, 20, 31, 34-38 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Dustan, U.S. Patent No. 5,884,3 12, in view of Kaufman, U.S. Patent No. 
5,666,415. Referring to claims 1, 6-8, 12, 13, 17, 20, 31, 35, 37, Dustan discloses a system for 
securely accessing network information wherein a user requests a logon menu from a network 
server using a client and receiving a logon menu at the client (Col. 3, lines 11-14), which meets 
the limitation of receiving a request for hardware component information at a service processor 
disposed in a hardware component as an open session request from a requesting client 
application. The user then transmits logon information and the information is then verified at a 
database server (Col; 3, lines 17-20). The database server then generates and stores a unique 
session identification number at the database server in response to successfully verifying that the 
logon input is a valid logon input. The session identification number and a portion of the logon 
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input is transmitted to the client for storage purposes (Col. 3, lines 23-35), which meets the 
limitation of transmitting from the service processor a challenge string to the requesting client 
application, the challenge string including a session identification assigned by the service 
processor, wherein the session identification is unique to each session. The user then sends a 
request to perform at least a first function requiring access to a first type of disparate data by 
communicating the session identification number, the portion of the logon input, and the first 
function request to the database server (Col. 3, lines 26-34), which meets the limitation of 
receiving at the service processor a challenge response from the requesting client application, the 
challenge response including the session identification. The database server then verifies that the 
session identification number and the portion of the logon input are valid, and exchanging 
information between the database server and the first type of disparate data while performing the 
first function which is output to the client (Col. 3, lines 35-41), which meets the limitations of 
comparing the challenge response to an expected response to the challenge string, wherein the 
comparing includes verifying the session identification received in the challenge response 
against the session identification transmitted in the challenge string, and transmitting the 
hardware component information to the requesting client application. Dustan does not disclose 
the challenge response containing a hash. Kaufman discloses a cryptographic authentication 
method wherein a server stores a hashed user password in its database. When a user wants to 
authenticate with the server, the server sends the user a nonce, which meets the limitation of a 
challenge string, the user then computes a hash of the nonce and the user password and transmits 
the hash to the server for authentication (Col. 3, lines 1-35), which meets the limitation of 
receiving in the service processor a challenge response from the requesting client application, the 
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response including a hash number that is a function of at least one of the challenge string, session 
identification number, sequence number and a password. Kaufman further discloses that a hash 
of the message is included in the message along with the hash of the user password (Col. 9, lines 
46-64), which meets the limitation of receiving at the service processor a direct platform control 
message from the client application, the message including a second hash number to verify the 
integrity of the DPC message. It would have been obvious to one of ordinary skill in art at the 
time the invention was made to hash the challenge response of Dustan in order to protect the 
sensitive information from eavesdropping as taught in Kaufman (Col. 2, lines 61-65). 

Referring to claims 4, 16, 34, 36, 38, Dustan discloses that the logon information contains 
an incrementable value that is incremented upon a logon failure. After incrementation a decision 
step follows that compares the increment value to a preset threshold, which meets the limitation 
of a challenge string including a sequence number that increments with each new session. 

Conclusion 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin E. Lanier whose telephone number is 571-272-3805. 
The examiner can normally be reached on M-ThO 7:30am-5 :00pm, F 7:30am-4pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Benian ^ E Lanier lc^.W 

GILBERTO BARRON J/L' 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



